id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses
5388 Author Permalink (myblog.com/author/username/) does not help security enposte pishmishy "When pretty permalinks are enabled any hacker can easily find out the usernames used on the blog.
All they have to do is type:
'''myblog.com/?author=(some_random_id)'''
and if there is an author with that id, the URL will redirect to:
'''myblog.com/author/matching_username/'''
I think it would be more secure if the URL redirected to:
'''myblog.com/author/author_id/'''
" enhancement closed low Security 2.3.1 minor wontfix